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CLAIMS 

We claim as our invention: 

1 . A program product comprising: 

a computer useable medium having computer readable program code stored therein, 
the computer readable program code in said program product being effective when executing 
to: 

accept personality selection input provided by a user to the computer 
which has a storage device adapted to store various data files and to assume 
a selected personality in the computer based on the provided input; 

tag files to be stored in the storage device according to the selected 
personality; and 

implement a filter which (a) passes files tagged according to the 
selected personality and removes the tags applied by the code which is 
effective to tag files and which (b) blocks files not tagged according to the 
selected personality. 

2. The product of Claim 1 wherein the code which is effective to accept personality 
selection input is independent of user login identity information. 

3. The product of Claim 1 wherein the code which is effective to accept personality 
selection input accepts the input as a function of user login identity information. 

4. The product of Claim 1 wherein the code which is effective to tag files is code which 
appends characters to the data file name. 
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5. A program product comprising: 

a computer useable medium having computer readable program code stored therein, 
the computer readable program code in said program product being effective when executing 
to: 

accept and authenticate input provided by a user selected from a 
plurality of personality selection inputs to a computer which has a storage 
device adapted to store various data files and assume a selected personality 
in the computer based on the provided input; 

tag files to be stored in the storage device according to the selected 
personality wherein the contents of the tagged files are stored in an encrypted 
format on the storage device; and 

implement a filter which (a) passes files tagged according to the 
selected personality and removes the tags applied by the code which is 
effective to tag files and decrypts the contents of tagged files which have been 
stored in an encrypted format on the storage device and which (b) blocks files 
not tagged according to the selected personality; 
wherein, when at least one application is executed in the computer, a change in the selected 
personality based on newly provided input does not require termination of the at least one 
application. 

6. The product of Claim 5 wherein the code which implements the filter further passes files 
tagged as universal irrespective of the selected personality and thereby overrides the filter 
action (b) which othenA/ise blocks files not tagged according to the selected personality. 

7. The product of Claim 6 wherein the code which implements the filter additionally 

passes all files when the selected personality is a universal personality and thereby further 
overrides the filter action (b) which otherwise blocks files not tagged according to the selected 
personality. 
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8. The product of Claim 5 wherein a call to a cryptographic processor is made in a 
selected one of the authentication performed by the code which accepts and authenticates, 
the encryption performed by the code which implements the filter, and the decryption 
performed the code which implements the filter. 

9. The product of Claim 8 wherein the cryptographic processor called is a trusted platfomn 
module. 

1 0. The product of Claim 5 wherein the code which accepts and authenticates is code 
which is independent of user login identity information. 

1 1 . The product of Claim 5 wherein the personality selection performed by the code which 
accepts and authenticates is a function of user login identity information. 

1 2. The product of Claim 5 wherein the code which is effective to tag files is code which 
appends characters to the data file name. 

1 3. A method comprising the steps of: 

accepting personality selection input provided by a user to a computer which has a 
storage device adapted to store various data files and assuming a selected personality in the 
computer based on the provided input; 

tagging files to be stored in the storage device according to the selected personality; 

and 

implementing a filter which (a) passes files tagged according to the selected 
personality and removes the tagging applied in said tagging step and which (b) blocks files 
not tagged according to the selected personality. 
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14. The method of Claim 13 wherein the accepting step is independent of user login 
identity information. 

1 5. The method of Claim 1 3 wherein the accepting step accepts personality selection input 
as a function of user login identity information. 

1 6. The method of Claim 1 3 wherein said tagging is one which appends characters to the 
data file name. 
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1 7. A method comprising the steps of: 

accepting and authenticating input provided by a user selected from a plurality of 
personality selection inputs to a computer which has a storage device adapted to store 
various data files and assuming a selected personality in the computer based on the provided 
input; 

tagging files to be stored in the storage device according to the selected personality 
wherein the contents of the tagged files are stored in an encrypted format on the storage 
device; and 

implementing a filter which (a) passes files tagged according to the selected 
personality and removes the tagging applied in said tagging step and decrypts the contents 
of tagged files which have been stored in an encrypted format on the storage device and 
which (b) blocks files not tagged according to the selected personality; 

wherein, when at least one application is running in the computer, a change in the 
selected personality based on newly provided input does not require termination of the at least 
one application. 

18. The method of Claim 17 wherein the filter implemented in said implementing step 
further passes files tagged as universal irrespective of the selected personality and thereby 
overrides the filter action (b) which otherwise blocks files not tagged according to the selected 
personality. 

19. The method of Claim 18 wherein the filter implemented in said implementing step 
additionally passes all files when the selected personality is a universal personality and 
thereby f u rther overrides the filter action (b) which othenwise blocks files not tagged according 
to the selected personality. 
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20. The method of Claim 1 7 wherein a cryptographic processor is utilized in a selected 
one of the authentication perfomned in said accepting and authenticating step, the encryption 
performed In said filter implementing step, and the decryption performed in said filter 
implementing step. 

21 . The method of Claim 20 wherein the cryptographic processor is a trusted platform 
module. 

22. The method of Claim 1 7 wherein the accepting and authenticating step is performed 
independent of user login identity information. 

23. The method of Claim 17 wherein the personality selection of said accepting and 
authenticating step is performed as a function of user login identity information. 

24. The method of Claim 17 wherein the tagging in said tagging step is one which 
appends characters to the data file name. 

25. Apparatus comprising: 

a personality switch which accepts personality selection input provided by a user and 
which indicates a selected personality based on the provided input in a computer having a 
storage device capable of storing various data files; 

a tagger which is coupled to said personality switch and which tags files to be stored 
in the storage device by modifying the names of the files according to the selected personality 
as Indicated by said personality switch; and 

a filter which is coupled to said personality switch and which (a) passes files tagged 
according to the selected personality by restoring each file name to the name existing prior 
to the modification performed by said tagger and which (b) blocks files not tagged according 
to the selected personality. 
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26. Apparatus of Claim 25 wherein the personality switch accepts personality selection 
input independent of user login identity information. 

27. Apparatus of Claim 25 wherein the personality switch accepts personality selection 
input as a function of user login identity information. 

28. Apparatus of Claim 25 wherein the data file name modification is one which appends 
characters to the data file name. 

29. Apparatus comprising: 

a personality selector which accepts and authenticates input provided by a user 
selected from a plurality of personality selection inputs and which indicates a selected 
personality based on the provided input to a computer having a storage device capable of 
storing various data files; 

a tagger which is coupled to said personality selector and which tags files to be stored 
in the storage device by modifying the names of the files according to the selected personality 
as indicated by said personality selector and which stores the contents of the tagged files in 
an encrypted format on the storage device; and 

a filter which is coupled to said personality selector and which (a) passes files tagged 
according to the selected personality by restoring each file name to the name existing prior 
to the modification performed by said tagger and by decrypting the contents of tagged files 
which have been stored in an encrypted format on the storage device and which (b) blocks 
files not tagged according to the selected personality; 

wherein, when at least one application is running in the computer, a change in the 
selected personality based on newly provided input does not require tennination of the at least 
one application. 
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30. Apparatus of Claim 29 wherein said filter further passes files tagged as universal 
irrespective of the selected personality, thereby overriding the blocking (b) of files not tagged 
according to the selected personality. 

3 1 . Apparatus of Claim 30 wherein said filter additionally passes all files when the selected 
personality is a universal personality, thereby further overriding the blocking (b) of files not 
tagged according to the selected personality. 

32. Apparatus of Claim 29 wherein a cryptographic processor is utilized in a selected one 
of the authentication performed by said personality selector, the encryption performed by said 
filter, and the decryption performed by said filter. 

33. Apparatus of Claim 32 wherein the cryptographic processor is a trusted platform 
module. 

34. Apparatus of Claim 29 wherein the personality switch accepts personality selection 
input independent of user login identity information. 

35. Apparatus of Claim 29 wherein the personality switch accepts personality selection 
input as a function of user login identity information. 
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